Course Hero: Which of the following are types of database attacks? (Choose all that apply)

by Emory Kihn 3 min read

What is role based access control?

Role-based access controls within the application accurately map required access permissions to job function.

What is monitoring/alerting at the data tier?

For an added bonus, include monitoring/alerting at the data tier for any use of dynamic queries. This will detect an attacker who has, for example, managed to bypass the application and query the database directly.

What is SQL injection vulnerability?

SQL injection vulnerabilities occur when application code contains dynamic database queries that directly include user-supplied input. This is a devastating form of attack, and BSI Penetration Testers regularly find vulnerable applications that allow complete authentication bypass and extraction of the entire database.

What is the best way to stop SQL injection?

Avoid the use of dynamic queries within applications. Use of prepared statements with parametrised queries will stop SQL injection.

Why should backups be encrypted?

All backups should be encrypted to protect confidentiality and integrity of the data, and this must include proper key management. Keys must not fall into the wrong hands but must be available when needed to restore data.

How to prevent users from choosing common passwords?

Implement brute force controls such as account lockout after a set number of invalid attempts. Use password blacklisting to prevent users from choosing common passwords.

Can users abuse data access privileges?

Users may abuse legitimate data access privileges for unauthorised purposes. For example, a user in sales with privileges to view individual customer records may abuse that privilege to retrieve all customer records to pass to a competitor.

What is a database?

A database is a key resource for businesses, often containing sensitive information about customers or clients. Cybercriminals therefore recognize its value and will attempt to hack into it. They may do so by guessing default or weak passwords, using packet sniffers to intercept network traffic, launching a SQL injection to "trick" the database, or gaining access through an employee with too many privileges.

How to protect database information?

Controlling the level of access that internal employees have to information is another good way to protect database information. Data access should be granted to the fewest people needed to perform the work-related tasks. You can also set up a database to provide temporary credentials when user access is necessary, keeping things locked down tightly in the meantime.

How to protect database passwords?

Perhaps the simplest step in protecting a database is ensuring that not only are default log-in credentials changed but that they are changed to complex passwords that will be difficult for cybercriminals to guess. Better yet, routine, mandatory password changes can further safeguard sensitive data.

How does SQL injection work?

It works by inserting SQL query statements into website fields, which can overwhelm the web page, resulting in a false request being sent to the database. Once this happens, the cybercriminal is able to run additional queries to manipulate the database and expose its contents.

How to protect against hacking?

One of the most basic lines of defense against any type of hacking is to ensure security patching is a regular staple of your company's security program. This means keeping current on updates to operating systems, programs and applications. Manufacturers regularly release patches for known vulnerabilities that cybercriminals may try to exploit. Installing these patches can further safeguard your databases.

What is the best way to protect a database?

Protecting a database starts with strong passwords that are changed regularly, a robust security patching system to safeguard against exploited vulnerabilities, encryption techniques, safety hardware such as a firewall, or access controls that limit access to a minimum number of individuals.

How does firewall protect database?

Firewalls can help protect a database by blocking any traffic trying to reach it from unspecified sources. That means you could block external traffic completely and cut back on internal traffic, allowing it only from those users with appropriate access permissions.
